Southern Montana Telecommunications Policy & Procedure

Subject: PRIVACY & CPNI

POLICY: It is the policy of Southern Montana Telecommunications to maintain privacy for all subscribers and to ensure that all SMT and regulatory agency guided standards are met. This includes the protections of Customer Proprietary Network Information (CPNI) as set forth in the FCC.

PURPOSE:This policy is a public policy available to SMT administration and staff, SMT subscribers, and any vendors or third-party service providers to guide the process SMT uses to collect, use, and protect subscriber information.

Section I PRIVACY POLICY

Section II CPNI POLICY

I. PRIVACY POLICY

When a subscriber establishes an account for services, a variety of information is required to create a service relationship. Personal information such as name, address, telephone number, in addition to social security and driver’s license information may be required for billing and payment purposes. SMT may also collect information about service options or long distance selections. If a subscriber rents the residence where service is requested, SMT may require landlord consent or information to install facilities or services. SMT may also collect protected information when subscribers’ ask for support, have questions about a bill, respond to survey’s or emails, engage in conversations, register for information, or participate in promotions or contests. In addition, SMT may combine subscribers’ personal information collected as a part of regular business operations with personal information obtained for marketing purposes (See subscriber’s right to limit or restrict uses of personal information in Policy Section II – CPNI Policy).

A. Use of Personal Information – SMT is authorized to collect the personal information necessary to provide services.

SMT is prohibited from collecting subscribers’ personal information for any other purpose without your consent. SMT considers the personal information contained in our business records to be confidential; however, SMT is authorized to disclose personal information for three general purposes

1. We may be required by law or legal process to disclose information to law enforcement personnel or to other parties in connection with litigation.

2. We may disclose the names and addresses of subscribers for business related purposes.

Transmission of name/telephone number displayed on Caller ID

Subscriber name/address/telephone number for public safety/E911 database services

Personal information is occasionally used by SMT and our affiliates for internal business purposes, as well as to outside auditors, professional advisors and service partners, and regulators.

3. We may disclose information necessary to provide your services.

The use of personal information includes, but is not limited to, the following examples:

provide subscriber services;

customize subscriber services;

configure-service related devices;

account security;

bill for subscriber services;

provide subscriber service and support;

manage the network supporting subscriber services;

make subscribers aware of new products or services that may be of interest;

service improvements;

detect use or abuse of subscriber services; and

compliance with policies or terms of service

B. Information Collected During Use of Service – When subscribers use services, SMT transmits information in order to provide subscriber services. Originating and terminating call data, such as the times, long distance providers used, and duration of calls is stored for billing services.

We may contract with third-party providers to provide specific services and features for subscriber services. If third-party providers use any personal information, they will collect, disclose, and protect personal information in accordance with the practices stated herein.

SMT Communications – On a routine basis and in the normal scope of business operations, SMT will communicate with subscribers in a variety of ways.

Special Offers & Updates – Subscribers may receive information from SMT via U.S. mail, e-mail, and other means in an effort to provide service related announcements and information on SMT services that may be of interest (See Do Not Call/Do Not Mail section below).

Customer Service – SMT may regularly communicate with subscribers to provide requested services and support for questions and issues relating to a subscriber’s account.

Do Not Call/Do Not Mail Lists – SMT is authorized to use subscriber contact information to place telephone calls or to sent print literature for marketing or promotional purposes. Subscribers may, at any time, put their name on the SMT “Do Not Call” or “Do Not Mail” lists so that they do not receive promotional calls or mail. (See subscriber’s right to limit or restrict uses of personal information in Policy Section – CPNI)

SMT Website – The SMT website is a regularly updated communication tool. SMT may include within the website links to other websites or information sources. SMT is not responsible for the privacy practices of linked sites.

D. Correcting and Accessing Information – Subscribers may examine and copy personal information we collect and maintain upon reasonable notice during regular business hours. We may be unable to provide certain records without a subpoena, court order, or search warrant. SMT reserves the right to charge a fee for the production of any documents.

Information is corrected on a going-forward basis when personal information we have collected is inaccurate. It is not possible for SMT to correct information appearing in vendor directory lists until the next available publication of those directory lists. Further, SMT has no control over information appearing in the directory lists or directory assistance services of directory publishers or directory assistance providers not affiliated with SMT.

E. Retention of Information – SMT maintains subscriber information in our regular business records while subscribers are active and for a period of time after. The time period information kept is based on typical business, legal or regulatory requirements. If there are no pending requests, orders, or court orders for access to this data, we may destroy the information after it is no longer necessary.

II CUSTOMER PROPRIETARY NETWORK INFORMATION (CPNI) POLICY

SMT is committed to maintaining subscriber privacy. In addition to protecting personal information, SMT is obliged to give additional protections to certain information about which displays how subscribers use their services. This information is known as Customer Proprietary Network Information or CPNI.

A. Definition of CPNI – CPNI is the information about the quantity, technical configuration, type, destination, location, and the amount of subscriber use. It is also information contained on a subscriber telephone bill concerning the services subscribers’ receive. That information when matched with a subscriber’s name, address, and telephone number is known as “Customer Proprietary Network Information”, or “CPNI”. Examples of CPNI are:

Information a telecommunications provider has as a result of providing service to a subscriber;

Type of service purchased by a subscriber;

Providers selected or used by a subscriber;

Information appearing on the subscriber’s bill;

Who a subscriber calls, where they call, when they call, or how much they call;

How much a subscriber uses their services; and

How a subscriber uses their services.

CPNI is not:

A customer’s name, address or telephone number (when used in phone books and directory listings/publishing services);

Aggregate information, or data that is lumped together and is not specific to a single customer – reports containing total counts, number of subscribers selecting various long distance carriers, etc.; and

Subscribers receiving services with SMT have a right, and SMT has a duty, under federal law to protect the confidentiality of subscriber CPNI. Unless approval is obtained, SMT may not use CPNI to market products and services to subscribers other than for the services a subscriber currently purchases.

B. Authentication Requirements – Following the FCC amendments to CPNI regulation on August 2, 2007, SMT will utilize new authentication methods to establish subscriber identity. Customers of SMT must be authenticated prior to releasing any CPNI in one of the following three methods:

Subscribers may provide a pre-established password

SMT may call the subscriber back at the telephone number associated with the services purchased

SMT may mail the records to the address of record

SMT is prohibited from releasing call detail information during customer initiated conversations without a verification method to identify the customer of record.

Passwords and/or PIN numbers will be provided to subscribers for security purposes. They must not be social security numbers, mother’s maiden name, amount of the last bill or pet’s names. Back-up authentication is accepted; however, if a subscriber fails to provide the correct password and/or back-up response, they must be re-authenticated prior to gaining online access.

C. When Can SMT Disclose CPNI

When the subscriber has been properly identified using an accepted method to verify identity

When the subscriber has approved use of their CPNI for sales and marketing efforts

When disclosure is required by court order or law

When the subscriber provides oral, written or electronic authorization to disclose their information to another individual. Proof of authorization must be retained on the customer’s account for a period of at least one year.

To protect the rights, property of SMT, or to protect subscribers and other carriers from fraudulent, abusive, or unlawful use of services

When a carrier request to know if the customer has a preferred carrier (PIC) freeze

For all directory listing services

To provide the services purchased by the customer

To bill the customer for services purchased

To assist the customer with troubles associated with their troubles

D. Use Approval for CPNI – The use of CPNI enhances the ability of SMT to offer products and services tailored to a subscriber’s specific needs; this could include any communications products and services or special promotions.

SMT will send out notices once every two years explaining subscriber rights related to CPNI; this will include directions for subscribers to restrict CPNI use. If a subscriber denies or restricts the use of CPNI, the restriction remains in effect until services are discontinued or the subscriber affirmatively revokes the request.

Unless a subscriber contacts SMT and restricts the use of CPNI, it is the policy of SMT to assume that all subscribers approve the use of CPNI.

E. Protecting CPNI – SMT uses numerous methods to protect subscriber CPNI. This process begins with software enhancements which display whether or not a subscriber has approved the use of their CPNI. Other ways SMT protects CPNI are as follows: